CVEs from 2026
Total
13,942
critical
critical 1,209
high
high 4,535
medium
medium 4,387
low
low 481
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.8%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-7677 | low | 3.5 | 3.5 | 1mo ago | A vulnerability was determined in kerwincui FastBee up to 1.2.1. The impacted element is the function Add of the file springboot/fastbee-admin/src/main/java/com/fastbee/web/controller/system/SysNotic… | |||
| CVE-2026-7501 | low | 3.5 | 3.5 | 1mo ago | A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument p… | |||
| CVE-2026-41663 | low | 3.5 | 3.5 | 1mo ago | Admidio has CSRF on Admin Preferences that Triggers Unauthorized Backup, .htaccess Write, and Email Send | |||
| CVE-2026-7390 | low | 3.5 | 3.5 | 1mo ago | A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the arg… | |||
| CVE-2026-7222 | low | 3.5 | 3.5 | 1mo ago | A vulnerability was determined in code-projects Coaching Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /cims/modules/student/complaint.php of the compo… | |||
| CVE-2026-7110 | low | 3.5 | 3.5 | 1mo ago | A flaw has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /item. Executing a manipulation of the argument item name/description can lead to cro… | |||
| CVE-2026-7021 | low | 3.5 | 3.5 | 1mo ago | A weakness has been identified in SmythOS sre up to 0.0.15. This impacts an unknown function of the file packages/sdk/src/LLM/utils.ts of the component Connector Service. This manipulation of the arg… | |||
| CVE-2026-6990 | low | 3.5 | 3.5 | 1mo ago | A vulnerability was found in projeto-siga siga 11.0.3.18. The affected element is an unknown function of the file /sigawf/app/responsavel/novo. Performing a manipulation of the argument Nome/Descriçã… | |||
| CVE-2026-6745 | low | 3.5 | 3.5 | 1mo ago | Bagisto affected by Cross-site Scripting | |||
| CVE-2026-6743 | low | 3.5 | 3.5 | 1mo ago | A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the component Calendar. The manipulation leads to cross site scripting. The attack may be initiated rem… | |||
| CVE-2026-6648 | low | 3.5 | 3.5 | 1mo ago | A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scripti… | |||
| CVE-2026-6633 | low | 3.5 | 3.5 | 1mo ago | A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifang_backend_account/logic/admin/L_rbac_admin.php of the component Exte… | |||
| CVE-2026-6619 | low | 3.5 | 3.5 | 1mo ago | A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePrevie… | |||
| CVE-2026-6600 | low | 3.5 | 3.5 | 1mo ago | A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of … | |||
| CVE-2026-6593 | low | 3.5 | 3.5 | 1mo ago | A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cros… | |||
| CVE-2026-6592 | low | 3.5 | 3.5 | 1mo ago | A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user_manager.py of the component userdata Endpoint. Such manipulatio… | |||
| CVE-2026-6493 | low | 3.5 | 3.5 | 2mo ago | A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/[locale]/(auth)/reset-password/components/reset-password-form.tsx of the component… | |||
| CVE-2026-6486 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manip… | |||
| CVE-2026-6216 | low | 3.5 | 3.5 | 2mo ago | DbGate has cross site scripting via the SVG Icon String Handler component | |||
| CVE-2026-6162 | low | 3.5 | 3.5 | 2mo ago | A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdat… | |||
| CVE-2026-6106 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/static_headers_middleware.py of the co… | |||
| CVE-2026-5810 | low | 3.5 | 3.5 | 2mo ago | A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /delete.php of the component GET Parameter Handler. This manipulation of the argume… | |||
| CVE-2026-5806 | low | 3.5 | 3.5 | 2mo ago | A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cro… | |||
| CVE-2026-35679 | low | 3.5 | 3.5 | 2mo ago | Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draining of user funds from the Sprout pool. It was someti… | |||
| CVE-2026-5568 | low | 3.5 | 3.5 | 2mo ago | A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site scrip… | |||
| CVE-2026-5370 | low | 3.5 | 3.5 | 2mo ago | Krayin CRM is vulnerable to Cross-site Scripting (XSS) | |||
| CVE-2026-5325 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create … | |||
| CVE-2026-5254 | low | 3.5 | 3.5 | 2mo ago | A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. Affected by this issue is some unknown functionality of the file /ui/app/components/AppJsonTreeView.vue of the component… | |||
| CVE-2026-5253 | low | 3.5 | 3.5 | 2mo ago | A weakness has been identified in bufanyun HotGo 1.0/2.0. Affected by this vulnerability is an unknown functionality of the file /web/src/layout/components/Header/MessageList.vue of the component edi… | |||
| CVE-2026-5252 | low | 3.5 | 3.5 | 2mo ago | A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation … | |||
| CVE-2026-5249 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was found in gougucms 4.08.18. This impacts an unknown function of the file \gougucms-master\app\admin\view\user\record.html of the component Record Endpoint. Performing a manipulatio… | |||
| CVE-2026-4995 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message E… | |||
| CVE-2026-4994 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function generic_exception_handler of the file backend/openui/server.py of the component APIStatusError Handler. The mani… | |||
| CVE-2026-4973 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulatio… | |||
| CVE-2026-4969 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was identified in code-projects Social Networking Site 1.0. The impacted element is an unknown function of the file /home.php of the component Alert Handler. The manipulation of the a… | |||
| CVE-2026-32984 | low | 3.5 | 3.5 | 2mo ago | Wazuh authd contains a heap-buffer overflow vulnerability that allows attackers to cause memory corruption and malformed heap data by sending specially crafted input. Attackers can exploit this vulne… | |||
| CVE-2026-4835 | low | 3.5 | 3.5 | 2mo ago | A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an unknown function of the file /my_account/add_costumer.php of the component Web Application Interface.… | |||
| CVE-2026-4495 | low | 3.5 | 3.5 | 2mo ago | A security flaw has been discovered in atjiu pybbs 6.0.0. This impacts the function create of the file src/main/java/co/yiiu/pybbs/controller/api/CommentApiController.java. The manipulation results i… | |||
| CVE-2026-4494 | low | 3.5 | 3.5 | 2mo ago | A vulnerability was identified in atjiu pybbs 6.0.0. This affects the function create of the file src/main/java/co/yiiu/pybbs/controller/api/TopicApiController.java. The manipulation leads to cross s… | |||
| CVE-2026-4355 | low | 3.5 | 3.5 | 3mo ago | A vulnerability was detected in Portabilis i-Educar 2.11. This impacts an unknown function of the file /intranet/educar_servidor_curso_lst.php of the component Endpoint. Performing a manipulation of … | |||
| CVE-2026-4354 | low | 3.5 | 3.5 | 3mo ago | A vulnerability was identified in TRENDnet TEW-824DRU 1.010B01/1.04B01. The impacted element is the function sub_420A78 of the file apply_sec.cgi of the component Web Interface. Such manipulation of … | |||
| CVE-2026-4239 | low | 3.5 | 3.5 | 3mo ago | A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatables. The manipulation results in improperly controlled modification of object pr… | |||
| CVE-2026-4186 | low | 3.5 | 3.5 | 3mo ago | A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This man… | |||
| CVE-2026-4166 | low | 3.5 | 3.5 | 3mo ago | A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in c… | |||
| CVE-2026-3984 | low | 3.5 | 3.5 | 3mo ago | A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file save_up_athlete.php. This manipulation o… | |||
| CVE-2026-3983 | low | 3.5 | 3.5 | 3mo ago | A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. The manipulation of the argume… | |||
| CVE-2026-3946 | low | 3.5 | 3.5 | 3mo ago | A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site… | |||
| CVE-2026-2825 | low | 3.5 | 3.5 | 3mo ago | A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation leads to cross si… | |||
| CVE-2026-2709 | low | 3.5 | 3.5 | 3mo ago | A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Executing a manipulatio… | |||
| CVE-2026-1406 | low | 3.5 | 3.5 | 4mo ago | A vulnerability was determined in lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600. Affected by this vulnerability is the function redirectToLogin of the file AccessControlFilter.java of… | |||
| CVE-2026-1161 | low | 3.5 | 3.5 | 4mo ago | A vulnerability was detected in pbrong hrms 1.0.1. The affected element is the function UpdateRecruitmentById of the file /handler/recruitment.go. The manipulation results in cross site scripting. Th… | |||
| CVE-2026-1136 | low | 3.5 | 3.5 | 4mo ago | A weakness has been identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. Affected is the function Save of the file /blog/bContent/save of the component ContentController. This… | |||
| CVE-2026-0824 | low | 3.5 | 3.5 | 5mo ago | QuestDB UI's Web Console is Vulnerable to Cross-Site Scripting | |||
| CVE-2026-34685 | low | 3.4 | 3.4 | 21d ago | Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system write', CIA triad derives 'Sec… | |||
| CVE-2026-40131 | low | 3.4 | 3.4 | 21d ago | SQL injection vulnerability exists in @sap/hdi-deploy package, where SQL queries are dynamically constructed using user input without proper parameterization or prepared statements. Successful exploi… | |||
| CVE-2026-42195 | low | 3.4 | 3.4 | 25d ago | draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAut… | |||
| CVE-2026-44405 | low | 3.4 | 3.4 | 28d ago | Paramiko rsakey.py allows the SHA-1 algorithm | |||
| CVE-2026-10528 | low | 3.3 | 3.3 | 14h ago | A security flaw has been discovered in Orthanc DICOM Server up to 1.12.11. This issue affects the function DcmItem::read of the file OrthancFramework/Sources/DicomParsing/FromDcmtkBridge.cpp of the c… | |||
| CVE-2026-10298 | low | 3.3 | 3.3 | 15h ago | A security flaw has been discovered in ggml-org whisper.cpp up to 1.8.2. This vulnerability affects the function whisper_model_load of the file ggml/src/ggml.c. The manipulation results in null point… | |||
| CVE-2026-10295 | low | 3.3 | 3.3 | 15h ago | A vulnerability was found in SourceCodester Customer Review App 1.0. Affected by this vulnerability is the function add_review/save_review/get_all_reviews of the file review_app.py. Performing a mani… | |||
| CVE-2026-28586 | low | 3.3 | 3.3 | 16h ago | In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with no additional execution pri… | |||
| CVE-2026-0056 | low | 3.3 | 3.3 | 16h ago | In setTo of ResourceTypes.cpp, there is a possible read out of bounds due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed.… | |||
| CVE-2026-0050 | low | 3.3 | 3.3 | 16h ago | In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional … | |||
| CVE-2026-0016 | low | 3.3 | 3.3 | 16h ago | In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disc… | |||
| CVE-2026-45278 | low | 3.3 | 3.3 | 19h ago | Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redirect users to another website, when the victim uses … | |||
| CVE-2026-45277 | low | 3.3 | 3.3 | 19h ago | Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated with specific approval workflows where they can req… | |||
| CVE-2026-10268 | low | 3.3 | 3.3 | 21h ago | A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshal_one_fiber of the file src/core/marsh.c. Executing a manipulation can lead to integer… | |||
| CVE-2026-10267 | low | 3.3 | 3.3 | 23h ago | A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attackin… | |||
| CVE-2026-10233 | low | 3.3 | 3.3 | 1d ago | A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::read_sequence_infos of the file HL1MDLLoader.cpp of the component Half-Life 1 MD… | |||
| CVE-2026-10201 | low | 3.3 | 3.3 | 2d ago | A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a ma… | |||
| CVE-2026-10199 | low | 3.3 | 3.3 | 2d ago | A vulnerability has been found in Assimp up to 6.0.4. Affected by this issue is the function glTF2::LazyDict in the library glTF2Asset.h. Such manipulation of the argument operator[] leads to null po… | |||
| CVE-2026-10198 | low | 3.3 | 3.3 | 2d ago | A flaw has been found in Assimp up to 6.0.4. Affected by this vulnerability is the function Assimp::glTFImporter::ImportMeshes of the file glTFImporter.cpp of the component glTFImporter. This manipul… | |||
| CVE-2026-10197 | low | 3.3 | 3.3 | 2d ago | A vulnerability was detected in Assimp up to 6.0.4. Affected is the function glTF2Importer::ImportEmbeddedTextures in the library code/AssetLib/glTF2/glTF2Importer.cpp of the component TF File Handle… | |||
| CVE-2026-49383 | low | 3.3 | 3.3 | 4d ago | In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible | |||
| CVE-2026-45324 | low | 3.3 | 3.3 | 4d ago | Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a double free in librz/core/cmd/cmd_search.c:byte_pattern_search() due wrong pointer ownership declared. This vul… | |||
| CVE-2026-45613 | low | 3.3 | 3.3 | 4d ago | Rizin is a UNIX-like reverse engineering framework and command-line toolset. There is a heap-buffer-overflow in librz/bin/format/omf/omf.c. This vulnerability is fixed by commit e6d0937c8a083e23ed76c… | |||
| CVE-2026-47337 | low | 3.3 | 3.3 | 5d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AF_INET/AF_INET6 socket mediation. The bug can be triggered by an unprivileged local u… | |||
| CVE-2026-47336 | low | 3.3 | 3.3 | 5d ago | Ubuntu Linux 6.8 contains SAUCE patches with a possible use of an uninitialized variable in AppArmor AF_INET/AF_INET6 socket mediation code. The bug can be triggered by an unprivileged local user and… | |||
| CVE-2026-47330 | low | 3.3 | 3.3 | 5d ago | Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unpri… | |||
| CVE-2026-47329 | low | 3.3 | 3.3 | 5d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppAmor notification responses. The bug can be triggered by an unprivileged local user a… | |||
| CVE-2026-47327 | low | 3.3 | 3.3 | 5d ago | Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This c… | |||
| CVE-2026-48156 | low | 3.3 | 3.3 | 5d ago | pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams w… | |||
| CVE-2026-9572 | low | 3.3 | 3.3 | 7d ago | A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such manipulation of t… | |||
| CVE-2026-9567 | low | 3.3 | 3.3 | 7d ago | A security flaw has been discovered in GPAC up to 2.4.0. Affected is the function MergeFragment of the file src/isomedia/isom_intern.c of the component MP4Box. The manipulation results in null pointe… | |||
| CVE-2026-9530 | low | 3.3 | 3.3 | 7d ago | A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbmp Utility. Executing a mani… | |||
| CVE-2026-9529 | low | 3.3 | 3.3 | 7d ago | A security flaw has been discovered in GNU LibreDWG up to 0.14. The affected element is the function match_BLOCK_HEADER of the file dwggrep.c of the component Dwggrep Utility. Performing a manipulati… | |||
| CVE-2026-9504 | low | 3.3 | 3.3 | 8d ago | A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bou… | |||
| CVE-2026-9503 | low | 3.3 | 3.3 | 8d ago | A security flaw has been discovered in GNU LibreDWG up to 0.14. This impacts the function dwg_next_entity of the file src/decode.c of the component DWG File Handler. The manipulation results in null … | |||
| CVE-2026-9501 | low | 3.3 | 3.3 | 8d ago | A vulnerability was determined in GNU LibreDWG up to 0.14. The impacted element is the function decompress_R2004_section of the file src/decode.c of the component Dwgread Utility. Executing a manipul… | |||
| CVE-2026-39824 | low | 3.3 | 3.3 | 11d ago | NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated strin… | |||
| CVE-2026-47782 | low | 3.3 | 3.3 | 13d ago | Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web p… | |||
| CVE-2026-33565 | low | 3.3 | 3.3 | 14d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | |||
| CVE-2026-28751 | low | 3.3 | 3.3 | 14d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | |||
| CVE-2026-27781 | low | 3.3 | 3.3 | 14d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | |||
| CVE-2026-25110 | low | 3.3 | 3.3 | 14d ago | in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | |||
| CVE-2026-0965 | low | 3.3 | 3.3 | 15d ago | Moderate: libssh security update | |||
| CVE-2026-47091 | low | 3.3 | 3.3 | 15d ago | Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcript_path value via stdin… | |||
| CVE-2026-8770 | low | 3.3 | 3.3 | 16d ago | A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulat… | |||
| CVE-2026-20793 | low | 3.3 | 3.3 | 21d ago | Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an a… | |||
| CVE-2026-41530 | low | 3.3 | 3.3 | 21d ago | The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation fe… |